Two-thirds of the causes of cyber incidents are identified via external recognition or monitoring on hacking forums (data from the PwC Threat Watch platform). Implementing maturity assessment and threat intelligence tools can help you understand the vulnerabilities of your environment, so that you can better identify and anticipate them and remedy incidents quickly and effectively.
For more than half of executives, cybersecurity issues pose a threat to their company’s economic growth (26th Global CEO Survey PwC, 2023). Moreover, nearly 45% of French companies said they were affected by a successful cyber attack in 2022 (8th edition of the Barometer on the cybersecurity of French companies, CESIN).
This heightened awareness is correlated with the evolution of the cyber threat, which is now ubiquitous, is becoming more complex and often evolves faster than defense. Sources of attack and attack surfaces are becoming more numerous. In parallel, legal obligations related to cybersecurity are expanding under the influence of regulators (NIS2 in Europe).
In this context, implementing a number of best practices can help you approach the cyber threat, which has become systemic, with more serenity. Among them, cyber evaluation is becoming a must-have.
The virtuous circle of cyber evaluation
1. The first step is to assess your cyber situation: assess yourself!
It is essential to know how your company measures up against certain cyber imperatives. For this, it is important to rely on known and recognized benchmarks, which ensure a reliable evaluation against proven criteria. The NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) or ISO 27001 standards offer recognized, widely used analytical grids that guide the company's cyber policy around checkpoints including identification, protection, detection, incident response and remediation.
By conducting these assessments on the basis of a trusted reference framework, you identify your level of maturity on the various elements that make up that framework. This assessment is essential to reliably measure your cyber maturity and is the starting point of your cyber policy.
2. Complete your cyber maturity assessment with a peer comparison
By conducting your cyber assessment around recognized reference frameworks, you also give yourself the opportunity to compare yourself with other companies in your sector of activity or of similar size. You can thus establish constructive comparisons, identify the best practices of your sector and take inspiration from the best in class to progress.
3. Measure your cyber maturity to progress: set goals and identify your room for improvement
Once your self-assessment is completed, you are able to establish a cyber roadmap based on progress points, quantified and measurable objectives, and comparative elements. By knowing the strengths and weaknesses of your security setup, you can establish your roadmap more accurately. Most importantly, this assessment needs to be ongoing and subject to frequent reassessments, as well as regular updates that incorporate gaps as you progress.
Also, the assessment of your cyber maturity should allow you to identify your strengths and your room for improvement in a process of continuous improvement, and ultimately to evolve your operating model towards more cyber resilience.
The assessment of cyber maturity is therefore an essential step for the implementation and steering of a cyber roadmap, but it must be accompanied by active monitoring of threats. The latter is an essential pillar in the overall cyber strategy, and one cannot go without the other. Knowledge of technical vulnerabilities, malicious groups, data leaks, and other risks that may threaten the business is essential in implementing good cyber hygiene.